Un nouveau virus Dldr.Fraud.XA [RESOLU]

[fredorp59]

Bonjour à tous, je suis de retour avec un nouveau virus prit dans la tronche, eh un nouveau, 1, eh zut!!!!!!!!!

 

Bon, voilà, je suis aller sur un mauvais site web et j'ai reçu un virus, SWF/Dldr.Fraud.XA SWF virus détecté par Avira antivir donc je poste le rapport HijactThis en mode normal : ( le virus est mit en quarantaine )

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:39, on 25/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis\freddy.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec Star Downloader - E:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190657965562

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214512375078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SlimFTPd - Unknown owner - G:\slimftpd\SlimFTPd.exe (file missing)

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

 

--

End of file - 11568 bytes

Modifié le 28 juin 2009 par garrapotaloto

[fredorp59]

Re, s'il vous plait, aidez-moi a éradiqué ce virus.

 

Cordialement,

garrapotaloto.

[fredorp59]

Bonjour,

 

aidez-moi svp, Dldr.Fraud.XA détecté par Avira antivir. ( mit en quarantaine).

Modifié le 26 juin 2009 par garrapotaloto

[Falkra]

Bonjour,

 

à faire des up aussi rapprochés, on pense en lisant la page d'index des sujets qu'il est pris en charge, puisqu'il y a des réponses...

 

Ton rapport ne met rien en évidence.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre.
  
• A la fin de l'analyse (mais ce n'est pas fini), un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi. N'oublie pas la suite.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

NB : Si MBAM te demande à redémarrer, fais-le.

[fredorp59]

Ton rapport ne met rien en évidence.

 

Oui normale car j'ai mit les fichiers trouvés en quarantaine avec Avira Antivir donc il faut peut-être les supprimés de la quarantaine avant.

 

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre.

* A la fin de l'analyse (mais ce n'est pas fini), un message s'affiche :

Citation

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

 

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi. N'oublie pas la suite. icon_wink.gif

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

 

 

NB : Si MBAM te demande à redémarrer, fais-le.

 

D'accord sa sera fait

 

Cordialement,

garrrapotaloto.

Modifié le 26 juin 2009 par garrapotaloto

[Falkra]

Oui normale car j'ai mit les fichiers trouvés en quarantaine avec Avira Antivir donc il faut peut-être les supprimés de la quarantaine avant.

Ouaip, c'est le mécanisme classique. Ne touche pas à la quarantaine, ça ne craint rien dedans, et en cas de faux positifs, ça sert toujours : la quarantaine est faite pour y laisser des trucs.

 

On voit le rapport MBAM et on avise.

[fredorp59]

Ok, le voici ce rapport :

 

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2337

Windows 5.1.2600 Service Pack 3

 

26/06/2009 11:51:27

mbam-log-2009-06-26 (11-51-27).txt

 

Type de recherche: Examen rapide

Eléments examinés: 128285

Temps écoulé: 16 minute(s), 20 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

Rien d'anormal mais Avira Antivir en rescannant l'objet, il a été détecté comme suspicious

 

Le virus a été détecté dans le cache de Mozilla Firefox pour plus de précisions

 

Cordialement,

garrapotaloto.

[Falkra]

Poste le rapport d'Antivir stp.

[fredorp59]

Re,

 

voilà le rappport d'Antivir après analyse : (virus toujours en quarantaine mais retrouver comme suspicieux donc peut être un faux positif)

 

 

 

Avira AntiVir Personal

Report file date: vendredi 26 juin 2009 21:34

 

Scanning for 1429418 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : FRED

 

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 09/06/2009 17:34:51

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 18:17:25

ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 24/06/2009 18:17:25

ANTIVIR3.VDF : 7.1.4.144 82944 Bytes 26/06/2009 17:57:00

Engineversion : 8.2.0.199

AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 20:27:16

AESCRIPT.DLL : 8.1.2.10 418171 Bytes 25/06/2009 18:18:17

AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 20:28:51

AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41

AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 17:23:55

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 17:58:07

AEHEUR.DLL : 8.1.0.137 1823095 Bytes 26/06/2009 17:57:31

AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 17:28:52

AEGEN.DLL : 8.1.1.46 348533 Bytes 19/06/2009 17:55:38

AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 17:23:53

AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 27/04/2009 09:34:59

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 09/06/2009 17:34:50

RCTEXT.DLL : 9.0.37.0 86785 Bytes 27/04/2009 09:34:59

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, E:, F:, G:, H:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: vendredi 26 juin 2009 21:34

 

Starting search for hidden objects.

'70378' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'java.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'TeamViewer.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'searchindexer.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned

Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'msvsmon.exe' - '1' Module(s) have been scanned

Scan process 'msvsmon.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'SSMMgr.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'VTTimer.exe' - '1' Module(s) have been scanned

Scan process 'sqlservr.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'inetinfo.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'BRSS01A.EXE' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'BRSVC01A.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

49 processes with 49 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

Master boot sector HD4

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Boot sector 'F:\'

[iNFO] No virus was found!

Boot sector 'G:\'

[iNFO] No virus was found!

Boot sector 'H:\'

[iNFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '66' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Frédéric01>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\Administrateur\Local Settings\Temp\MessengerCache\sdWKi2JLx7y2FZ6RnLFGe0tcrK7w=

[0] Archive type: CAB (Microsoft)

--> 0000011697_000000000000000676969.jpg

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'E:\' <Frédéric02>

E:\TELECHARGEMENTS\JEUX\SERIOUS SAM SE\Cheats\SaveGames All Levels.exe

[0] Archive type: ACE SFX (self extracting)

--> SaveGame\Player0\SaveGame0000.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0000Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0002.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0002Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0003.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0003Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0004.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0004Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0005.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0005Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0006.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0006Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0008.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0008Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0009.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0009Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0010.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0010Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0011.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0011Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0013.sav

[WARNING] Out of memory! The virus or unwanted program was not deleted!

--> SaveGame\Player0\SaveGame0013Tbn.tex

[WARNING] Out of memory! The virus or unwanted program was not deleted!

[WARNING] Out of memory! The virus or unwanted program was not deleted!

Begin scan in 'F:\' <Frédéric03>

Begin scan in 'G:\' <Frédéric04>

Begin scan in 'H:\' <Frédéric05>

 

 

End of the scan: vendredi 26 juin 2009 23:14

Used time: 1:39:29 Hour(s)

 

The scan has been done completely.

 

12878 Scanned directories

411577 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

411575 Files not concerned

3318 Archives were scanned

27 Warnings

1 Notes

70378 Objects were scanned with rootkit scan

0 Hidden objects were found

 

 

 

 

a+

[Falkra]

Huh, cette triche pour Serious Sam, il n'arrive pas à la décompresser ? Ca ne dit pas que c'est un virus pour autant.

Le reste du rapport est ok.

 

Si ton virus en quarantaine est passé à suspect, il y a fort à parier que ce soit un faux positif.

 

On peut le vérifier, tu connais virustotal ?